SecureSan Technologies
Resources

Security Checklists

One checklist per service we run, mapped to the standard that actually governs it. Tick items off as you go — your progress is shown per checklist and does not leave your browser.

Standards verified against the official sources on 14 July 2026.

Why the version numbers matter. The OWASP Top 10 was re-issued as the 2025 edition and it replaces the 2021 list most checklists still quote. Software Supply Chain Failures (A03) and Mishandling of Exceptional Conditions (A10) are new, Security Misconfiguration jumped to A02, and SSRF was absorbed into A01. If a provider is still scoping you against "OWASP Top 10 2021", that is a question worth asking them.

Web Application Security

OWASP Top 10:2025 ↗
0/10

The Top 10 was re-issued in 2025 and replaces the 2021 edition. Two categories are brand new (A03, A10) and SSRF has been absorbed into A01 — if a checklist you are using still lists SSRF separately, it is out of date.

Still the current edition as of July 2026 — there is no 2025/2026 API list. Six of the ten involve technically valid requests from a real, authenticated user, which is exactly why scanners miss them.

Mobile Application Security

OWASP MASVS v2.1.0 ↗
0/8

MASVS v2 is category-based — the old L1/L2 verification levels are gone; risk tiering now lives in the MASTG as testing profiles (MAS-L1, MAS-L2, MAS-R). MASVS is the requirement, MASTG is the test.

AI / LLM Application Security

OWASP Top 10 for LLM Applications (2025) ↗
0/10

The 2025 edition added System Prompt Leakage and Vector & Embedding Weaknesses, and rewrote Excessive Agency for real agent products. Treat it as a coverage map, not a tick-box list: prompt injection has no known complete fix, so the control has to be architectural.

Cloud Security Configuration

CIS Benchmarks · cloud provider baselines ↗
0/8

Cloud breaches are overwhelmingly misconfiguration, not exploitation. Map to the CIS Benchmark for your provider and treat drift as an incident.

Network & Infrastructure

NIST CSF 2.0 · CIS Controls v8 ↗
0/8

The goal is not a clean scan. The goal is that a single foothold cannot become domain compromise.

Secure Code Review

OWASP ASVS · OWASP Top 10:2025 ↗
0/8

A scanner reads syntax. A reviewer reads intent — which is why business-logic and authorisation flaws only fall out of manual review.

Auditors do not accept a scanner PDF. They accept scoped, dated, methodology-referenced evidence with a retest showing closure.

← Back to SecureSan Technologies